A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing ...
Modern infostealers don't just steal passwords—they harvest the digital identities and context that enable attackers to blend ...
A coding error in several Microsoft 365 Android apps could have allowed a malicious app on the same device to silently obtain account tokens and act as the signed-in user, according to new research ...
A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
Microsoft patched a Microsoft 365 Android flaw that exposed account tokens across six apps. Here’s what IT teams should check ...
A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Debug flag disabled Microsoft 365 Android token checks, letting untrusted apps access accounts; patches issued May 12 to ...
DuckDB has recently announced Quack, a new remote protocol over HTTP that lets multiple DuckDB instances connect to and work ...
An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The ...
An automated security testing tool for REST APIs, focused on authentication, authorization, and OWASP Top 10 vulnerabilities. Built for penetration testers and security engineers who need fast, ...
While this repository is named "openid-connect", this sample will actually encompass OpenID Connect (OIDC), AuthCode, and Service-to-Service (S2S) authentication and authorization techniques. Version ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results